firebasefirebase-authenticationerprole-base-authorization

How to login to Firebase from an ERP system?


I would like to login to Firebase from an ERP system. i.e. once logged into the ERP system, that login can be used to access a Firestore db.

The Firebase docs describe a common case: "Add an additional identifier on a user".

Is it possible to use this common case to login to Firebase from the ERP system?

Control Access with Custom Claims and Security Rules

User roles can be defined for the following common cases:

Add an additional identifier on a user. For example, a Firebase user could map to a different UID in another system.


Solution

  • If you want to use the users from an existing authentication system to authenticate against Firebase, you'll need to implement a custom authentication provider.

    With such a provider, you:

    1. Sign the user in with your existing system in a trusted environment (e.g. on a server).
    2. You then use the user's credentials to mint a custom JWT token.
    3. Send that token back the client, which then finally
    4. Uses the custom token to sign in to Firebase.

    At this point, the user is signed in to Firebase Authentication in the client, and their UID (and other properties from their token) are available in the Firestore security rules.